CVE Catalog

CVE-2026-9690

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

The WP Media folder plugin in versions <= 4.0.1 has a vulnerability allowing unauthenticated arbitrary file download.

Risk Assessment

An attacker could access sensitive files on the server, potentially leading to data leaks and privacy breaches.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS